Hi, I had some problem with my FIM CM so I installed new one. In next text I will try to explain our situation. Our Goal is to implement FIM CM solution in our company. On our Domain Controller (DC) I installed Certification Authority (CA). On second server (our FIM CM server) I installed and configure SubCA, SQL Server to host the FIM CM database, IIS 7, In fact I have done everything there is on these links: http://technet.microsoft.com/en-us/library/fim_cm_test_lab_guide(WS.10).aspx http://technet.microsoft.com/en-us/library/ee534916(WS.10).aspx When i loged on on our FIM CM portal: http://fim2010/certificatemanagement/ And do „Request a permanent smart card“ I can Select a Profile Template i create before but i got an Error: Base CSP smart card self-service control is not installed or the current site is not specified in the allowed sites list by your Administrator. Please contact your system Administrator. Additional information: Object doesn't support this property or method. When i do: „Show details of my smart card“ i got the same error. I use 32-bit OS and 32-bit Internet Explorer 9. There are no warnings in Event Viewer. When i do: „Show details of my smart card“ i got the same error. I use 32-bit OS and 32-bit Internet Explorer 9. There are no warnings in Event Viewer.

On Wed, 25 May 2011 11:15:22 +0000, Toni666 wrote: When i loged on on our FIM CM portal: <http://technet.microsoft.com/en-us/library/ee534916(WS.10).aspx>http://fim2010/certificatemanagement/ And do ?Request a permanent smart card? I can Select a Profile Template i create before but i got an Error: Base CSP smart card self-service control is not installed or the current site is not specified in the allowed sites list by your Administrator. Please contact your system Administrator. Additional information: Object doesn't support this property or method. When i do: ?Show details of my smart card? i got the same error. Have you installed the FIM CM client software on the machine you're using to try to do an enrollment? Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca Swap read error. You lose your mind.

Other people had also problems using FIM CM with IE 9. See http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/46b28ecc-75ac-41c5-b54e-312803013d28. I suggest you try to use IE 8, just to be sure that IE 9 is not the problem ... Kind regards Martin Rublik

Other people had also problems using FIM CM with IE 9. See http://social.technet.microsoft.com/Forums/en-US/ilm2/thread/46b28ecc-75ac-41c5-b54e-312803013d28. I suggest you try to use IE 8, just to be sure that IE 9 is not the problem ... Kind regards Martin Rublik

Hi, Sorry i didnt explain all steps. Yes I install .NET Framework 3.5 SP1, Install Gemalto smart card drivers, Install the CM client, Add FIM CM site to Trusted Sites in Internet Explorer..on client side. I have also go to http://catalog.update.microsoft.com/v7/site/search.aspx?q=gemalto%20net%20card and reinstall Gemalto smart card drivers. I tried the same steps om my virtual machine client with IE8, but i got the same Error. A second before i got error: Base CSP smart card self-service control is not installed or the current site is not specified in the allowed sites list by your Administrator. Please contact your system Administrator. Additional information: Object doesn't support this property or method. IE9 gived me short info: Internet Explorer blocked an ActiveX control, so this page might not display correctly. I checked my IE9 settings regarding ActiveX controls and everything is like it should be.

Hi, Sorry i didnt explain all steps. Yes I install .NET Framework 3.5 SP1, Install Gemalto smart card drivers, Install the CM client, Add FIM CM site to Trusted Sites in Internet Explorer..on client side. I have also go to http://catalog.update.microsoft.com/v7/site/search.aspx?q=gemalto%20net%20card and reinstall Gemalto smart card drivers. I tried the same steps om my virtual machine client with IE8, but i got the same Error. A second before i got error: Base CSP smart card self-service control is not installed or the current site is not specified in the allowed sites list by your Administrator. Please contact your system Administrator. Additional information: Object doesn't support this property or method. IE9 gived me short info: Internet Explorer blocked an ActiveX control, so this page might not display correctly. I checked my IE9 settings regarding ActiveX controls and everything is like it should be.

Toni666 and Ante666 are the same users.

Have you inserted correct DNS names (e.g. fim2010 as well as FQDN fim2010.domain.test) for the FIM CM portal during installation of the CM client? Regards Martin

It seams IE9 was problem. On XP machine with IE8 I suceed to "Request a permanent smart card" and type in New PIN and after few moment I got this error: "Processing error: Error generating requested certificates. The requested certificate template is not supported by this CA. 0x80094800 (-2146875392)" Any idea?

It seams IE9 was problem. On XP machine with IE8 I suceed to "Request a permanent smart card" and type in New PIN and after few moment I got this error: "Processing error: Error generating requested certificates. The requested certificate template is not supported by this CA. 0x80094800 (-2146875392)" Any idea? If i log on on my FIM CM server and go to: Server Manager/Roles/Active Directory Certificate Services/Domain-FIM_CM_server-CA/Certificate Templates on FIM CM User Agent i can see under Other Information "Include e-mail address: Yes" i am not sure does it need to be "Include e-mail address: Yes"? I checked under FIM CM Key Recovery Agent and FIM CM Enrollment Agent Properties under Other Information there is "Include e-mail address: No" I am sure when i Prepared the FIM CM Agent Certificate Templates under Include e-mail name in subject name and E-mail name are cleared (not selected).

Look at the profile template and ensure that the certificate template designated in the profile template is available at the configured CA. It looks like you have either used the default smart card profile template or a copy and did not change the certificate template. It is either Smart Card Logon or Smart Card User (think it is the Smart card User template) Brian

On our DC in Active Directory Site and Services\Services\Public Key Services\Profile Templates I have: - Our Company Smart Card Profile Template (created via http://fim2010/certificatemanagement) - FIM CM Sample Profile Template - FIM CM Sample Smart Card Logon Profile Template On our FIM CM server which is also SubCA in Active Directory Certificate Services/Domain-FIM_CM_server-CA/Certificate Templates i dont have "Our Company Smart Card Profile Template" How do i created "Our Company Smart Card Profile Template"? This are steps: Creating the Fabrikam smart card profile template In this section, you create the Fabrikam smart card profile template. To create the Fabrikam smart card profile template Log on to the QS-FIMCM server as the administrator. In Internet Explorer, browse to http://FIMCMserver/certificatemanagement. On the Forefront Identity Manager page, click Click to enter. On the Forefront Identity Manager Certificate Management home page, under Administration, click Manage profile templates. On the Profile Template Management page, select the FIM CM Sample Smart Card Logon Profile Template check box, and then click Copy a selected profile template. On the Duplicate Profile page, clear the New profile template name text box, and then type Fabrikam Smart Card Profile Template. Click OK. In next steps I had problem to find [FIM CM User Profile Template]!!! I dont see i on http://FIMCMserver/certificatemanagement/Manage profile templates so i do this steps on "Our Company Smart Card Profile Template". On the Edit Profile Template [FIM CM User Profile Template] page, scroll down to Smart Card Configuration, and then click Change Settings. In the User PINs section, under User PIN policy, select User Provided, and then click OK. On the Edit Profile Template [FIM CM User Profile Template] page, under Select a view, click Enroll Policy. On the Edit Profile Template [FIM CM User Profile Template] page, under Workflow: Initiate Enroll Request, click Add new principal for enroll request initiation. On the Edit Profile Template [FIM CM User Profile Template] page, next to the Principal box, click Lookup. On the Search for Users and Groups page, select Groups, and in the Name text box, type FIM CM Subscribers. Click Search. When the search is completed, under User Logon, click fabrikam\FIM CM Subscribers. Click OK. On the Edit Profile Template [FIM CM User Profile Template] page, under Select a view, click Retire Policy. On the Edit Profile Template [FIM CM User Profile Template] page, under Workflow: Initiate Enroll Request, click Add new principal for enroll request initiation. On the Edit Profile Template [FIM CM User Profile Template] page, next to the Principal box, click Lookup. On the Search for Users and Groups page, select Groups, and in the Name text box, type FIM CM Subscribers, and then click Search. When the search is finished, under User Logon, click fabrikam\FIM CM Subscribers. Click OK. Close Internet Explorer. Whan i log on as "bsimon" user on http://fim2010/certificatemanagement under /Manage my info/Show details of my smart card Under "Smart Card Operations/Click on Enroll/ " If i choose "Review Details of a Smart Card Profile" under History (Expand this section to view the request’s history) i can see this steps: Create Request DOMAIN\bsimon 5/30/2011 12:57 PM Approve Request DOMAIN\FIMCMAgent 5/30/2011 12:57 PM Initiate Enroll Smart Card DOMAIN\bsimon 5/30/2011 12:57 PM Execute Request DOMAIN\bsimon 5/30/2011 12:58 PM Create Profile DOMAIN\bsimon 5/30/2011 12:58 PM Send Request To CA DOMAIN\bsimon 5/30/2011 12:58 PM Retrieve Response From CA DOMAIN\bsimon 5/30/2011 12:58 PM Microsoft.Clm.Shared.CertificateRequestException The requested certificate template is not supported by this CA. 0x80094800 (-2146875392) 0 Request Certificates Operation Completed DOMAIN\bsimon 5/30/2011 12:58 PM Initiate Enroll Smart Card DOMAIN\bsimon 5/30/2011 12:58 PM Execute Request DOMAIN\bsimon 5/30/2011 12:58 PM Create Profile DOMAIN\bsimon 5/30/2011 12:58 PM Send Request To CA DOMAIN\bsimon 5/30/2011 12:58 PM Retrieve Response From CA DOMAIN\bsimon 5/30/2011 12:58 PM Microsoft.Clm.Shared.CertificateRequestException The requested certificate template is not supported by this CA. 0x80094800 (-2146875392) 0 Request Certificates Operation Completed DOMAIN\bsimon 5/30/2011 12:58 PM Mark Request As Failed DOMAIN\bsimon 5/30/2011 12:58 PM MarkRequestAsFailed Marked failed by DOMAIN\bsimon 0

On our DC in Active Directory Site and Services\Services\Public Key Services\Profile Templates I have: - Our Company Smart Card Profile Template (created via http://fim2010/certificatemanagement) - FIM CM Sample Profile Template - FIM CM Sample Smart Card Logon Profile Template On our FIM CM server which is also SubCA in Active Directory Certificate Services/Domain-FIM_CM_server-CA/Certificate Templates i dont have "Our Company Smart Card Profile Template" How do i created "Our Company Smart Card Profile Template"? This are steps: Creating the Fabrikam smart card profile template In this section, you create the Fabrikam smart card profile template. To create the Fabrikam smart card profile template Log on to the QS-FIMCM server as the administrator. In Internet Explorer, browse to http://FIMCMserver/certificatemanagement. On the Forefront Identity Manager page, click Click to enter. On the Forefront Identity Manager Certificate Management home page, under Administration, click Manage profile templates. On the Profile Template Management page, select the FIM CM Sample Smart Card Logon Profile Template check box, and then click Copy a selected profile template. On the Duplicate Profile page, clear the New profile template name text box, and then type Fabrikam Smart Card Profile Template. Click OK. In next steps I had problem to find [FIM CM User Profile Template]!!! I dont see i on http://FIMCMserver/certificatemanagement/Manage profile templates so i do this steps on "Our Company Smart Card Profile Template". On the Edit Profile Template [FIM CM User Profile Template] page, scroll down to Smart Card Configuration, and then click Change Settings. In the User PINs section, under User PIN policy, select User Provided, and then click OK. On the Edit Profile Template [FIM CM User Profile Template] page, under Select a view, click Enroll Policy. On the Edit Profile Template [FIM CM User Profile Template] page, under Workflow: Initiate Enroll Request, click Add new principal for enroll request initiation. On the Edit Profile Template [FIM CM User Profile Template] page, next to the Principal box, click Lookup. On the Search for Users and Groups page, select Groups, and in the Name text box, type FIM CM Subscribers. Click Search. When the search is completed, under User Logon, click fabrikam\FIM CM Subscribers. Click OK. On the Edit Profile Template [FIM CM User Profile Template] page, under Select a view, click Retire Policy. On the Edit Profile Template [FIM CM User Profile Template] page, under Workflow: Initiate Enroll Request, click Add new principal for enroll request initiation. On the Edit Profile Template [FIM CM User Profile Template] page, next to the Principal box, click Lookup. On the Search for Users and Groups page, select Groups, and in the Name text box, type FIM CM Subscribers, and then click Search. When the search is finished, under User Logon, click fabrikam\FIM CM Subscribers. Click OK. Close Internet Explorer.

On our DC in Active Directory Site and Services\Services\Public Key Services\Profile Templates I have: - Our Company Smart Card Profile Template (created via http://fim2010/certificatemanagement) - FIM CM Sample Profile Template - FIM CM Sample Smart Card Logon Profile Template On our FIM CM server which is also SubCA in Active Directory Certificate Services/Domain-FIM_CM_server-CA/Certificate Templates i dont have "Our Company Smart Card Profile Template" How do i created "Our Company Smart Card Profile Template"? This are steps: Creating the Fabrikam smart card profile template In this section, you create the Fabrikam smart card profile template. To create the Fabrikam smart card profile template Log on to the QS-FIMCM server as the administrator. In Internet Explorer, browse to http://FIMCMserver/certificatemanagement. On the Forefront Identity Manager page, click Click to enter. On the Forefront Identity Manager Certificate Management home page, under Administration, click Manage profile templates. On the Profile Template Management page, select the FIM CM Sample Smart Card Logon Profile Template check box, and then click Copy a selected profile template. On the Duplicate Profile page, clear the New profile template name text box, and then type Fabrikam Smart Card Profile Template. Click OK. In next steps I had problem to find [FIM CM User Profile Template]!!! I dont see i on http://FIMCMserver/certificatemanagement/Manage profile templates so i do this steps on "Our Company Smart Card Profile Template". On the Edit Profile Template [FIM CM User Profile Template] page, scroll down to Smart Card Configuration, and then click Change Settings. In the User PINs section, under User PIN policy, select User Provided, and then click OK. On the Edit Profile Template [FIM CM User Profile Template] page, under Select a view, click Enroll Policy. On the Edit Profile Template [FIM CM User Profile Template] page, under Workflow: Initiate Enroll Request, click Add new principal for enroll request initiation. On the Edit Profile Template [FIM CM User Profile Template] page, next to the Principal box, click Lookup. On the Search for Users and Groups page, select Groups, and in the Name text box, type FIM CM Subscribers. Click Search. When the search is completed, under User Logon, click fabrikam\FIM CM Subscribers. Click OK. On the Edit Profile Template [FIM CM User Profile Template] page, under Select a view, click Retire Policy. On the Edit Profile Template [FIM CM User Profile Template] page, under Workflow: Initiate Enroll Request, click Add new principal for enroll request initiation. On the Edit Profile Template [FIM CM User Profile Template] page, next to the Principal box, click Lookup. On the Search for Users and Groups page, select Groups, and in the Name text box, type FIM CM Subscribers, and then click Search. When the search is finished, under User Logon, click fabrikam\FIM CM Subscribers. Click OK. Close Internet Explorer.